1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/base/transport_security_state.h" 6 #include "testing/gtest/include/gtest/gtest.h" 7 8 class TransportSecurityStateTest : public testing::Test { 9 }; 10 11 TEST_F(TransportSecurityStateTest, BogusHeaders) { 12 int max_age = 42; 13 bool include_subdomains = false; 14 15 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 16 "", &max_age, &include_subdomains)); 17 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 18 " ", &max_age, &include_subdomains)); 19 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 20 "abc", &max_age, &include_subdomains)); 21 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 22 " abc", &max_age, &include_subdomains)); 23 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 24 " abc ", &max_age, &include_subdomains)); 25 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 26 "max-age", &max_age, &include_subdomains)); 27 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 28 " max-age", &max_age, &include_subdomains)); 29 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 30 " max-age ", &max_age, &include_subdomains)); 31 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 32 "max-age=", &max_age, &include_subdomains)); 33 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 34 " max-age=", &max_age, &include_subdomains)); 35 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 36 " max-age =", &max_age, &include_subdomains)); 37 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 38 " max-age= ", &max_age, &include_subdomains)); 39 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 40 " max-age = ", &max_age, &include_subdomains)); 41 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 42 " max-age = xy", &max_age, &include_subdomains)); 43 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 44 " max-age = 3488a923", &max_age, &include_subdomains)); 45 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 46 "max-age=3488a923 ", &max_age, &include_subdomains)); 47 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 48 "max-ag=3488923", &max_age, &include_subdomains)); 49 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 50 "max-aged=3488923", &max_age, &include_subdomains)); 51 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 52 "max-age==3488923", &max_age, &include_subdomains)); 53 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 54 "amax-age=3488923", &max_age, &include_subdomains)); 55 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 56 "max-age=-3488923", &max_age, &include_subdomains)); 57 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 58 "max-age=3488923;", &max_age, &include_subdomains)); 59 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 60 "max-age=3488923 e", &max_age, &include_subdomains)); 61 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 62 "max-age=3488923 includesubdomain", &max_age, &include_subdomains)); 63 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 64 "max-age=3488923includesubdomains", &max_age, &include_subdomains)); 65 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 66 "max-age=3488923=includesubdomains", &max_age, &include_subdomains)); 67 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 68 "max-age=3488923 includesubdomainx", &max_age, &include_subdomains)); 69 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 70 "max-age=3488923 includesubdomain=", &max_age, &include_subdomains)); 71 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 72 "max-age=3488923 includesubdomain=true", &max_age, &include_subdomains)); 73 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 74 "max-age=3488923 includesubdomainsx", &max_age, &include_subdomains)); 75 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 76 "max-age=3488923 includesubdomains x", &max_age, &include_subdomains)); 77 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 78 "max-age=34889.23 includesubdomains", &max_age, &include_subdomains)); 79 EXPECT_FALSE(net::TransportSecurityState::ParseHeader( 80 "max-age=34889 includesubdomains", &max_age, &include_subdomains)); 81 82 EXPECT_EQ(max_age, 42); 83 EXPECT_FALSE(include_subdomains); 84 } 85 86 TEST_F(TransportSecurityStateTest, ValidHeaders) { 87 int max_age = 42; 88 bool include_subdomains = true; 89 90 EXPECT_TRUE(net::TransportSecurityState::ParseHeader( 91 "max-age=243", &max_age, &include_subdomains)); 92 EXPECT_EQ(max_age, 243); 93 EXPECT_FALSE(include_subdomains); 94 95 EXPECT_TRUE(net::TransportSecurityState::ParseHeader( 96 " Max-agE = 567", &max_age, &include_subdomains)); 97 EXPECT_EQ(max_age, 567); 98 EXPECT_FALSE(include_subdomains); 99 100 EXPECT_TRUE(net::TransportSecurityState::ParseHeader( 101 " mAx-aGe = 890 ", &max_age, &include_subdomains)); 102 EXPECT_EQ(max_age, 890); 103 EXPECT_FALSE(include_subdomains); 104 105 EXPECT_TRUE(net::TransportSecurityState::ParseHeader( 106 "max-age=123;incLudesUbdOmains", &max_age, &include_subdomains)); 107 EXPECT_EQ(max_age, 123); 108 EXPECT_TRUE(include_subdomains); 109 110 EXPECT_TRUE(net::TransportSecurityState::ParseHeader( 111 "max-age=394082; incLudesUbdOmains", &max_age, &include_subdomains)); 112 EXPECT_EQ(max_age, 394082); 113 EXPECT_TRUE(include_subdomains); 114 115 EXPECT_TRUE(net::TransportSecurityState::ParseHeader( 116 "max-age=39408299 ;incLudesUbdOmains", &max_age, &include_subdomains)); 117 EXPECT_EQ(max_age, 39408299); 118 EXPECT_TRUE(include_subdomains); 119 120 EXPECT_TRUE(net::TransportSecurityState::ParseHeader( 121 "max-age=394082038 ; incLudesUbdOmains", &max_age, &include_subdomains)); 122 EXPECT_EQ(max_age, 394082038); 123 EXPECT_TRUE(include_subdomains); 124 125 EXPECT_TRUE(net::TransportSecurityState::ParseHeader( 126 " max-age=0 ; incLudesUbdOmains ", &max_age, &include_subdomains)); 127 EXPECT_EQ(max_age, 0); 128 EXPECT_TRUE(include_subdomains); 129 } 130 131 TEST_F(TransportSecurityStateTest, SimpleMatches) { 132 scoped_refptr<net::TransportSecurityState> state( 133 new net::TransportSecurityState); 134 net::TransportSecurityState::DomainState domain_state; 135 const base::Time current_time(base::Time::Now()); 136 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 137 138 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com")); 139 domain_state.expiry = expiry; 140 state->EnableHost("google.com", domain_state); 141 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com")); 142 } 143 144 TEST_F(TransportSecurityStateTest, MatchesCase1) { 145 scoped_refptr<net::TransportSecurityState> state( 146 new net::TransportSecurityState); 147 net::TransportSecurityState::DomainState domain_state; 148 const base::Time current_time(base::Time::Now()); 149 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 150 151 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com")); 152 domain_state.expiry = expiry; 153 state->EnableHost("GOOgle.coM", domain_state); 154 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com")); 155 } 156 157 TEST_F(TransportSecurityStateTest, MatchesCase2) { 158 scoped_refptr<net::TransportSecurityState> state( 159 new net::TransportSecurityState); 160 net::TransportSecurityState::DomainState domain_state; 161 const base::Time current_time(base::Time::Now()); 162 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 163 164 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "GOOgle.coM")); 165 domain_state.expiry = expiry; 166 state->EnableHost("google.com", domain_state); 167 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "GOOgle.coM")); 168 } 169 170 TEST_F(TransportSecurityStateTest, SubdomainMatches) { 171 scoped_refptr<net::TransportSecurityState> state( 172 new net::TransportSecurityState); 173 net::TransportSecurityState::DomainState domain_state; 174 const base::Time current_time(base::Time::Now()); 175 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 176 177 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com")); 178 domain_state.expiry = expiry; 179 domain_state.include_subdomains = true; 180 state->EnableHost("google.com", domain_state); 181 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com")); 182 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com")); 183 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.bar.google.com")); 184 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 185 "foo.bar.baz.google.com")); 186 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com")); 187 } 188 189 TEST_F(TransportSecurityStateTest, Serialise1) { 190 scoped_refptr<net::TransportSecurityState> state( 191 new net::TransportSecurityState); 192 std::string output; 193 state->Serialise(&output); 194 EXPECT_TRUE(state->Deserialise(output)); 195 } 196 197 TEST_F(TransportSecurityStateTest, Serialise2) { 198 scoped_refptr<net::TransportSecurityState> state( 199 new net::TransportSecurityState); 200 201 net::TransportSecurityState::DomainState domain_state; 202 const base::Time current_time(base::Time::Now()); 203 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 204 205 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com")); 206 domain_state.mode = net::TransportSecurityState::DomainState::MODE_STRICT; 207 domain_state.expiry = expiry; 208 domain_state.include_subdomains = true; 209 state->EnableHost("google.com", domain_state); 210 211 std::string output; 212 state->Serialise(&output); 213 EXPECT_TRUE(state->Deserialise(output)); 214 215 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com")); 216 EXPECT_EQ(domain_state.mode, net::TransportSecurityState::DomainState::MODE_STRICT); 217 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com")); 218 EXPECT_EQ(domain_state.mode, net::TransportSecurityState::DomainState::MODE_STRICT); 219 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.bar.google.com")); 220 EXPECT_EQ(domain_state.mode, net::TransportSecurityState::DomainState::MODE_STRICT); 221 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 222 "foo.bar.baz.google.com")); 223 EXPECT_EQ(domain_state.mode, net::TransportSecurityState::DomainState::MODE_STRICT); 224 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com")); 225 } 226 227 TEST_F(TransportSecurityStateTest, Serialise3) { 228 scoped_refptr<net::TransportSecurityState> state( 229 new net::TransportSecurityState); 230 231 net::TransportSecurityState::DomainState domain_state; 232 const base::Time current_time(base::Time::Now()); 233 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 234 235 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com")); 236 domain_state.mode = net::TransportSecurityState::DomainState::MODE_OPPORTUNISTIC; 237 domain_state.expiry = expiry; 238 state->EnableHost("google.com", domain_state); 239 240 std::string output; 241 state->Serialise(&output); 242 EXPECT_TRUE(state->Deserialise(output)); 243 244 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com")); 245 EXPECT_EQ(domain_state.mode, 246 net::TransportSecurityState::DomainState::MODE_OPPORTUNISTIC); 247 } 248